<?php
// Add this to your main plugin file
require plugin_dir_path(__FILE__) . 'vendor/plugin-update-checker/plugin-update-checker.php';

// Include update checker - Assuming the 'vendor' directory is at the plugin root
// WP_NOTES_PATH is defined in your main plugin file (wp-notes.php)
// and points to the plugin's root directory.
require WP_NOTES_PATH . 'vendor/plugin-update-checker/plugin-update-checker.php';

function wp_notes_setup_updater() {
    if (!class_exists('YahnisElsts\PluginUpdateChecker\v5\PucFactory')) {
        return;
    }
    $myUpdateChecker = YahnisElsts\PluginUpdateChecker\v5\PucFactory::buildUpdateChecker(
        'https://github.com/your-username/wp-notes/', // Change this to your GitHub repository
        __FILE__,
        'wp-notes'
    );

    // Optional: Set the branch that contains the stable release
    $myUpdateChecker->setBranch('main');
}
add_action('init', 'wp_notes_setup_updater');

// Add update checking functionality
function wp_notes_check_for_updates() {
    // Check if the 'check_update' GET parameter is set and the user has the capability to manage plugin options.
    if (isset($_GET['check_update']) && $_GET['check_update'] === '1' && current_user_can('manage_a_wp_notes_options')) {
        // Verify the nonce. The nonce name 'a_wp_notes_check_update_nonce' and action 'a_wp_notes_check_update_action'
        // should match what's generated in admin-bar.php.
        if (!isset($_GET['a_wp_notes_check_update_nonce']) || !wp_verify_nonce(sanitize_key($_GET['a_wp_notes_check_update_nonce']), 'a_wp_notes_check_update_action')) {
            wp_die('Nonce verification failed!', 'Error', array('response' => 403));
        }
        // Trigger a manual update check
        wp_clean_plugins_cache();
        wp_update_plugins();
        
        add_settings_error(
            'wp_notes',
            'update_check',
            'Update check completed.',
            'updated'
        );
    }
}
add_action('admin_init', 'wp_notes_check_for_updates');

// Note: For the PucFactory::buildUpdateChecker, the second argument `__FILE__` currently refers to 
// `wp-notes-updater.php`. For the library to work correctly, this should typically be the path
// to your main plugin file (e.g., `WP_PLUGIN_DIR . '/a-wp-notes/a-wp-notes.php'`).
// This is a setup detail for the update checker rather than a direct security fix from this review.